Protecting content from users is a failed game. This kind of protection is useless. At the very least, they need to decrypt information before it passed through our eyes and ears - that's the weak link in the chain.
I think the weak link in the chain is only after decryption, but before uncompression (for lossy formats, so books excluded). See, for example, [1] and [2], where the authors look at randomness and entropy measures of I/O to find where the decrypted-but-compressed buffers are.
